diff --git a/SOURCES/add_not_s390x_cpe_dictionary.diff b/SOURCES/add_not_s390x_cpe_dictionary.diff
index e3703c4..9361ab5 100644
--- a/SOURCES/add_not_s390x_cpe_dictionary.diff
+++ b/SOURCES/add_not_s390x_cpe_dictionary.diff
@@ -1,3 +1,16 @@
+diff --git a/rhel6/cpe/rhel6-cpe-dictionary.xml b/rhel6/cpe/rhel6-cpe-dictionary.xml
+index d0557cc..0984a4c 100644
+--- a/rhel6/cpe/rhel6-cpe-dictionary.xml
++++ b/rhel6/cpe/rhel6-cpe-dictionary.xml
+@@ -100,4 +100,8 @@
+ Package net-snmp is installed
+ installed_env_has_net-snmp_package
+
++
++ System architecture is not S390X
++ proc_sys_kernel_osrelease_arch_not_s390x
++
+
 diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
 index 50f8006c9..2a3915364 100644
 --- a/rhel7/cpe/rhel7-cpe-dictionary.xml
diff --git a/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch b/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
new file mode 100644
index 0000000..42ee9dd
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
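Review bot: The new rhel6 dictionary entry points at the OVAL definition `proc_sys_kernel_osrelease_arch_not_s390x`, and nothing in this hunk shows that definition existing in the rhel6 CPE OVAL the build emits. If the id does not resolve, the platform cannot be evaluated and rules gated on it are likely to come out `notapplicable` rather than fail, which silently drops coverage instead of surfacing the mismatch. The XML markup around these lines is not visible in this rendering, so the `cpe-item` name attribute cannot be checked here either; a build-time assertion that the definition id is present in the generated rhel6 CPE OVAL would catch both problems. The rhel7 portion of the patch appears only as trailing context and is not changed by this commit.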
@@ -0,0 +1,22 @@
+From 25db8e99d7b5ab89098da284d5cd3b7fa74f2018 Mon Sep 17 00:00:00 2001
+From: Gabriel Becker
+Date: Wed, 6 Jan 2021 16:18:47 +0100
+Subject: [PATCH] Fix jinja expansion on installed_OS_is_vendor_supported.
+
+---
+ .../certified-vendor/installed_OS_is_vendor_supported/rule.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+index 443c733188..7a51788e11 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+@@ -9,7 +9,7 @@ description: |-
+ {{% if product in ["ol7", "ol8"] %}}
+ Oracle Linux is supported by Oracle Corporation. As the Oracle
+ Linux vendor, Oracle Corporation is responsible for providing security patches.
+-{{% elif product == "sle12", "sle15" %}}
++{{% elif product in ["sle12", "sle15"] %}}
+ SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
+ vendor, SUSE is responsible for providing security patches.
+ {{% else %}}
diff --git a/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch b/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
new file mode 100644
index 0000000..293a74d
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
@@ -0,0 +1,21 @@
+From 3fcd002082b8af57cba5dc56b1403abda6957aa3 Mon Sep 17 00:00:00 2001
+From: Milan Lysonek
+Date: Mon, 23 Nov 2020 14:08:12 +0100
+Subject: [PATCH] Add SRG to ssh_client_rekey_limit
+
+---
+ .../software/integrity/crypto/ssh_client_rekey_limit/rule.yml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+index 735a68b264..1ff99481d2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+@@ -30,6 +30,7 @@ identifiers:
+
+ references:
+ ospp: FCS_SSHS_EXT.1
++ srg: SRG-OS-000423-GPOS-00187
+
+ ocil_clause: 'it is commented out or is not set'
+
diff --git a/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch b/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
new file mode 100644
index 0000000..98dafc0
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
@@ -0,0 +1,21 @@
+From ec2854ef669615dcee91ec8532b04f27553de4ea Mon Sep 17 00:00:00 2001
+From: Milan Lysonek
+Date: Tue, 10 Nov 2020 09:47:06 +0100
+Subject: [PATCH] Add SRG references for use_pam_wheel_for_su rule
+
+---
+ .../root_logins/use_pam_wheel_for_su/rule.yml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+index 260cbd3344..4cd0aaa842 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+@@ -22,6 +22,7 @@ identifiers:
+
+ references:
+ ospp: FMT_SMF_EXT.1.1
++ srg: 'SRG-OS-000373-GPOS-00156,SRG-OS-000312-GPOS-00123'
+
+ ocil_clause: 'the line is not in the file or it is commented'
+
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index be83448..22d8674 100644
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@@ -1,6 +1,6 @@
 Name: scap-security-guide
 Version: 0.1.53
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Security guidance and baselines in SCAP formats
 Group: Applications/System
 License: BSD
@@ -20,6 +20,9 @@ Patch8: scap-security-guide-0.1.54-use_osrelease_check_system_arch-PR_6458.patc
 Patch9: scap-security-guide-0.1.54-set_package_not_s390x_arch_to_none-PR_6462.patch
 # Patch 10 adds platform not_s390_arch to the CPE dictionary manually
 Patch10: add_not_s390x_cpe_dictionary.diff
+Patch11: scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
+Patch12: scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
+Patch13: scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
 BuildArch: noarch
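Review bot: `Patch11`–`Patch13` are declared without the explanatory comment that `Patch10` carries, so the mapping from each patch to the bug it fixes exists only in the %changelog text further down. A one-line comment per patch keeps the spec self-describing for the next rebase, e.g. `# Patch11 fixes the Jinja condition in installed_OS_is_vendor_supported (RHBZ#1914193)`, with matching lines for Patch12 and Patch13 citing RHBZ#1914853. The hunk's trailing blank context lines are not visible in this rendering, so its exact end after `BuildArch: noarch` is inferred.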
@@ -65,6 +68,9 @@ present in %{name} package.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
 mkdir build
 %build
@@ -99,6 +105,11 @@ cd build
 %doc %{_docdir}/%{name}/tables/*.html
 %changelog
+* Fri Jan 08 2021 Gabriel Becker - 0.1.53-4
+- Fix description of rule installed_OS_is_vendor_supported (RHBZ#1914193)
+- Fix RHEL6 CPE dictionary (RHBZ#1899059)
+- Fix SRG mapping references for ssh_client_rekey_limit and use_pam_wheel_for_su (RHBZ#1914853)
+
 * Tue Dec 15 2020 Gabriel Becker - 0.1.53-3
 - Enforce pam_wheel for "su" in the OSPP profile (RHBZ#1884062)
 - Fix case insensitive checking in rsyslog_remote_tls (RHBZ#1899032)